All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] crypto: mark crc32 checksum as FIPS allowed
@ 2019-01-25  9:31 Milan Broz
  2019-01-25 12:52 ` Stephan Mueller
  2019-02-01  6:51 ` Herbert Xu
  0 siblings, 2 replies; 3+ messages in thread
From: Milan Broz @ 2019-01-25  9:31 UTC (permalink / raw)
  To: linux-crypto; +Cc: Milan Broz

The CRC32 is not a cryptographic hash algorithm,
so the FIPS restrictions should not apply to it.
(The CRC32C variant is already allowed.)

This CRC32 variant is used for in dm-crypt legacy TrueCrypt
IV implementation (tcw); detected by cryptsetup test suite
failure in FIPS mode.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
---
 crypto/testmgr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 0f684a414acb..82bc0398bbbf 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2735,6 +2735,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "crc32",
 		.test = alg_test_hash,
+		.fips_allowed = 1,
 		.suite = {
 			.hash = __VECS(crc32_tv_template)
 		}
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: mark crc32 checksum as FIPS allowed
  2019-01-25  9:31 [PATCH] crypto: mark crc32 checksum as FIPS allowed Milan Broz
@ 2019-01-25 12:52 ` Stephan Mueller
  2019-02-01  6:51 ` Herbert Xu
  1 sibling, 0 replies; 3+ messages in thread
From: Stephan Mueller @ 2019-01-25 12:52 UTC (permalink / raw)
  To: Milan Broz; +Cc: linux-crypto

Am Freitag, 25. Januar 2019, 10:31:47 CET schrieb Milan Broz:

Hi Milan,

> The CRC32 is not a cryptographic hash algorithm,
> so the FIPS restrictions should not apply to it.
> (The CRC32C variant is already allowed.)
> 
> This CRC32 variant is used for in dm-crypt legacy TrueCrypt
> IV implementation (tcw); detected by cryptsetup test suite
> failure in FIPS mode.
> 
> Signed-off-by: Milan Broz <gmazyland@gmail.com>

Reviewed-by: Stephan Mueller <smueller@chronox.de>

Ciao
Stephan



^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: mark crc32 checksum as FIPS allowed
  2019-01-25  9:31 [PATCH] crypto: mark crc32 checksum as FIPS allowed Milan Broz
  2019-01-25 12:52 ` Stephan Mueller
@ 2019-02-01  6:51 ` Herbert Xu
  1 sibling, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2019-02-01  6:51 UTC (permalink / raw)
  To: Milan Broz; +Cc: linux-crypto

On Fri, Jan 25, 2019 at 09:31:47AM +0000, Milan Broz wrote:
> The CRC32 is not a cryptographic hash algorithm,
> so the FIPS restrictions should not apply to it.
> (The CRC32C variant is already allowed.)
> 
> This CRC32 variant is used for in dm-crypt legacy TrueCrypt
> IV implementation (tcw); detected by cryptsetup test suite
> failure in FIPS mode.
> 
> Signed-off-by: Milan Broz <gmazyland@gmail.com>
> ---
>  crypto/testmgr.c | 1 +
>  1 file changed, 1 insertion(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-02-01  6:51 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-25  9:31 [PATCH] crypto: mark crc32 checksum as FIPS allowed Milan Broz
2019-01-25 12:52 ` Stephan Mueller
2019-02-01  6:51 ` Herbert Xu

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.